X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Ffile.c;h=7600064595c50bebc88eafb9a33d47f7941e1c36;hp=dbdbbaae719d8904165072bdba2f045bea7b217d;hb=ac37f65aaf1f162a2cc57fa8c296a1ff4109adb9;hpb=e9c37113104c1cfb234535adc9b52ad3880a41ce diff --git a/daemon/file.c b/daemon/file.c index dbdbbaa..7600064 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -198,6 +198,11 @@ do_chmod (int mode, const char *path) { int r; + if (mode < 0) { + reply_with_error ("%s: mode is negative", path); + return -1; + } + CHROOT_IN; r = chmod (path, mode); CHROOT_OUT; @@ -283,8 +288,57 @@ do_write_file (const char *path, const char *content, int size) { int fd; + /* This call is deprecated, and it has a broken interface. New code + * should use the 'guestfs_write' call instead. Because we used an + * XDR string type, 'content' cannot contain ASCII NUL and 'size' + * must never be longer than the string. We must check this to + * ensure random stuff from XDR or daemon memory isn't written to + * the file (RHBZ#597135). + */ + if (size < 0) { + reply_with_error ("size cannot be negative"); + return -1; + } + + /* Note content_len must be small because of the limits on protocol + * message size. + */ + int content_len = (int) strlen (content); + if (size == 0) - size = strlen (content); + size = content_len; + else if (size > content_len) { + reply_with_error ("size parameter is larger than string content"); + return -1; + } + + CHROOT_IN; + fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + if (xwrite (fd, content, size) == -1) { + reply_with_perror ("write"); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + return -1; + } + + return 0; +} + +int +do_write (const char *path, const char *content, size_t size) +{ + int fd; CHROOT_IN; fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); @@ -331,25 +385,24 @@ do_read_file (const char *path, size_t *size_r) return NULL; } - *size_r = statbuf.st_size; /* The actual limit on messages is smaller than this. This * check just limits the amount of memory we'll try and allocate * here. If the message is larger than the real limit, that will * be caught later when we try to serialize the message. */ - if (*size_r >= GUESTFS_MESSAGE_MAX) { + if (statbuf.st_size >= GUESTFS_MESSAGE_MAX) { reply_with_error ("%s: file is too large for the protocol, use guestfs_download instead", path); close (fd); return NULL; } - r = malloc (*size_r); + r = malloc (statbuf.st_size); if (r == NULL) { reply_with_perror ("malloc"); close (fd); return NULL; } - if (xread (fd, r, *size_r) == -1) { + if (xread (fd, r, statbuf.st_size) == -1) { reply_with_perror ("read: %s", path); close (fd); free (r); @@ -362,6 +415,10 @@ do_read_file (const char *path, size_t *size_r) return NULL; } + /* Mustn't touch *size_r until we are sure that we won't return any + * error (RHBZ#589039). + */ + *size_r = statbuf.st_size; return r; } @@ -413,10 +470,44 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r) return NULL; } + /* Mustn't touch *size_r until we are sure that we won't return any + * error (RHBZ#589039). + */ *size_r = r; return buf; } +int +do_pwrite (const char *path, const char *content, size_t size, int64_t offset) +{ + int fd; + ssize_t r; + + CHROOT_IN; + fd = open (path, O_WRONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + r = pwrite (fd, content, size, offset); + if (r == -1) { + reply_with_perror ("pwrite: %s", path); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + return -1; + } + + return r; +} + /* This runs the 'file' command. */ char * do_file (const char *path)